Surya Batchu wrote:
Apache Servers accepts any number \r\n sequences before the request line. To avoid evasion, the rules can be changed to have content search with pcre, such as "^(\r\n)*GET".

This is a valid problem with the rule, but for performance sake we can't go pcre for each packet. It'll have to remain an unfortunate possible evasion, hopefully not used. We'll have to adjust if we see it in the wild.